From: Chuck Lever <cel@kernel.org>
To: anna.schumaker@netapp.com, trondmy@hammerspace.com
Cc: Chuck Lever <chuck.lever@oracle.com>,
Jeff Layton <jlayton@kernel.org>,
jlayton@redhat.com, linux-nfs@vger.kernel.org,
kernel-tls-handshake@lists.linux.dev
Subject: [PATCH v3 06/11] SUNRPC: Capture CMSG metadata on client-side receive
Date: Tue, 30 May 2023 10:07:42 -0400 [thread overview]
Message-ID: <168545565218.1917.15517436581195247082.stgit@oracle-102.nfsv4bat.org> (raw)
In-Reply-To: <168545533442.1917.10040716812361925735.stgit@oracle-102.nfsv4bat.org>
From: Chuck Lever <chuck.lever@oracle.com>
kTLS sockets use CMSG to report decryption errors and the need
for session re-keying.
For RPC-with-TLS, an "application data" message contains a ULP
payload, and that is passed along to the RPC client. An "alert"
message triggers connection reset. Everything else is discarded.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
---
net/sunrpc/xprtsock.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 47 insertions(+), 2 deletions(-)
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 37f608c2c0a0..6f2fc863b47e 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -47,6 +47,8 @@
#include <net/checksum.h>
#include <net/udp.h>
#include <net/tcp.h>
+#include <net/tls.h>
+
#include <linux/bvec.h>
#include <linux/highmem.h>
#include <linux/uio.h>
@@ -342,13 +344,56 @@ xs_alloc_sparse_pages(struct xdr_buf *buf, size_t want, gfp_t gfp)
return want;
}
+static int
+xs_sock_process_cmsg(struct socket *sock, struct msghdr *msg,
+ struct cmsghdr *cmsg, int ret)
+{
+ if (cmsg->cmsg_level == SOL_TLS &&
+ cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
+ u8 content_type = *((u8 *)CMSG_DATA(cmsg));
+
+ switch (content_type) {
+ case TLS_RECORD_TYPE_DATA:
+ /* TLS sets EOR at the end of each application data
+ * record, even though there might be more frames
+ * waiting to be decrypted.
+ */
+ msg->msg_flags &= ~MSG_EOR;
+ break;
+ case TLS_RECORD_TYPE_ALERT:
+ ret = -ENOTCONN;
+ break;
+ default:
+ ret = -EAGAIN;
+ }
+ }
+ return ret;
+}
+
+static int
+xs_sock_recv_cmsg(struct socket *sock, struct msghdr *msg, int flags)
+{
+ union {
+ struct cmsghdr cmsg;
+ u8 buf[CMSG_SPACE(sizeof(u8))];
+ } u;
+ int ret;
+
+ msg->msg_control = &u;
+ msg->msg_controllen = sizeof(u);
+ ret = sock_recvmsg(sock, msg, flags);
+ if (msg->msg_controllen != sizeof(u))
+ ret = xs_sock_process_cmsg(sock, msg, &u.cmsg, ret);
+ return ret;
+}
+
static ssize_t
xs_sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags, size_t seek)
{
ssize_t ret;
if (seek != 0)
iov_iter_advance(&msg->msg_iter, seek);
- ret = sock_recvmsg(sock, msg, flags);
+ ret = xs_sock_recv_cmsg(sock, msg, flags);
return ret > 0 ? ret + seek : ret;
}
@@ -374,7 +419,7 @@ xs_read_discard(struct socket *sock, struct msghdr *msg, int flags,
size_t count)
{
iov_iter_discard(&msg->msg_iter, ITER_DEST, count);
- return sock_recvmsg(sock, msg, flags);
+ return xs_sock_recv_cmsg(sock, msg, flags);
}
#if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE
next prev parent reply other threads:[~2023-05-30 14:07 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-30 14:05 [PATCH v3 00/11] client-side RPC-with-TLS Chuck Lever
2023-05-30 14:05 ` [PATCH v3 01/11] NFS: Improvements for fs_context-related tracepoints Chuck Lever
2023-05-30 14:06 ` [PATCH v3 02/11] SUNRPC: Plumb an API for setting transport layer security Chuck Lever
2023-05-30 14:06 ` [PATCH v3 03/11] SUNRPC: Trace the rpc_create_args Chuck Lever
2023-05-30 14:06 ` [PATCH v3 04/11] SUNRPC: Add RPC client support for the RPC_AUTH_TLS auth flavor Chuck Lever
2023-05-30 14:07 ` [PATCH v3 05/11] SUNRPC: Ignore data_ready callbacks during TLS handshakes Chuck Lever
2023-05-30 14:07 ` Chuck Lever [this message]
2023-05-30 14:08 ` [PATCH v3 07/11] SUNRPC: Add a connect worker function for TLS Chuck Lever
2023-05-30 15:10 ` Trond Myklebust
2023-05-30 14:08 ` [PATCH v3 08/11] SUNRPC: Add RPC-with-TLS support to xprtsock.c Chuck Lever
2023-05-30 14:09 ` [PATCH v3 09/11] SUNRPC: Add RPC-with-TLS tracepoints Chuck Lever
2023-05-30 14:09 ` [PATCH v3 10/11] NFS: Have struct nfs_client carry a TLS policy field Chuck Lever
2023-05-30 14:09 ` [PATCH v3 11/11] NFS: Add an "xprtsec=" NFS mount option Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=168545565218.1917.15517436581195247082.stgit@oracle-102.nfsv4bat.org \
--to=cel@kernel.org \
--cc=anna.schumaker@netapp.com \
--cc=chuck.lever@oracle.com \
--cc=jlayton@kernel.org \
--cc=jlayton@redhat.com \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=linux-nfs@vger.kernel.org \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).